svn commit: samba r8326 - in branches/SAMBA_3_0/source/rpc_server: .

Mon Jul 11 18:59:56 GMT 2005

Author: jerry
Date: 2005-07-11 18:59:54 +0000 (Mon, 11 Jul 2005)
New Revision: 8326

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=8326

Log:
factor out the delete printer code to a delete_printer_hook() for reuse
Modified:
   branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c


Changeset:
Modified: branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c
===================================================================

--- branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c	2005-07-11 18:37:15 UTC (rev 8325)
+++ branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c	2005-07-11 18:59:54 UTC (rev 8326)
@@ -348,7 +348,59 @@
 /****************************************************************************
  Delete a printer given a handle.
 ****************************************************************************/
+WERROR delete_printer_hook( NT_USER_TOKEN *token, const char *sharename )
+{
+	char *cmd = lp_deleteprinter_cmd();
+	pstring command;
+	int ret;
+	SE_PRIV se_printop = SE_PRINT_OPERATOR;
+	BOOL is_print_op = False;
+		
+	/* can't fail if we don't try */
+	
+	if ( !*cmd )
+		return WERR_OK;
+		
+	pstr_sprintf(command, "%s \"%s\"", cmd, sharename);
 
+	if ( token )
+		is_print_op = user_has_privileges( token, &se_printop );
+	
+	DEBUG(10,("Running [%s]\n", command));
+
+	/********** BEGIN SePrintOperatorPrivlege BLOCK **********/
+	
+	if ( is_print_op )
+		become_root();
+		
+	if ( (ret = smbrun(command, NULL)) == 0 ) {
+		/* Tell everyone we updated smb.conf. */
+		message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL);
+	}
+		
+	if ( is_print_op )
+		unbecome_root();
+
+	/********** END SePrintOperatorPrivlege BLOCK **********/
+	
+	DEBUGADD(10,("returned [%d]\n", ret));
+
+	if (ret != 0) 
+		return WERR_BADFID; /* What to return here? */
+
+	/* go ahead and re-read the services immediately */
+	reload_services( False );
+	
+	if ( lp_servicenumber( sharename )  < 0 )
+		return WERR_ACCESS_DENIED;
+		
+	return WERR_OK;
+}
+
+/****************************************************************************
+ Delete a printer given a handle.
+****************************************************************************/
+
 static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd)
 {
 	Printer_entry *Printer = find_printer_index_by_hnd(p, hnd);
@@ -369,18 +421,6 @@
 		DEBUG(3, ("delete_printer_handle: denied by handle\n"));
 		return WERR_ACCESS_DENIED;
 	}
-
-#if 0
-	/* Check calling user has permission to delete printer.  Note that
-	   since we set the snum parameter to -1 only administrators can
-	   delete the printer.  This stops people with the Full Control
-	   permission from deleting the printer. */
-
-	if (!print_access_check(NULL, -1, PRINTER_ACCESS_ADMINISTER)) {
-		DEBUG(3, ("printer delete denied by security descriptor\n"));
-		return WERR_ACCESS_DENIED;
-	}
-#endif
 	
 	/* this does not need a become root since the access check has been 
 	   done on the handle already */
@@ -390,50 +430,7 @@
 		return WERR_BADFID;
 	}
 
-	/* the delete printer script shoudl be run as root if the user has perms */
-	
-	if (*lp_deleteprinter_cmd()) {
-
-		char *cmd = lp_deleteprinter_cmd();
-		pstring command;
-		int ret;
-		SE_PRIV se_printop = SE_PRINT_OPERATOR;
-		BOOL is_print_op;
-		
-		pstr_sprintf(command, "%s \"%s\"", cmd, Printer->sharename);
-
-		is_print_op = user_has_privileges( p->pipe_user.nt_user_token, &se_printop );
-	
-		DEBUG(10,("Running [%s]\n", command));
-
-		/********** BEGIN SePrintOperatorPrivlege BLOCK **********/
-	
-		if ( is_print_op )
-			become_root();
-		
-		if ( (ret = smbrun(command, NULL)) == 0 ) {
-			/* Tell everyone we updated smb.conf. */
-			message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL);
-		}
-		
-		if ( is_print_op )
-			unbecome_root();
-
-		/********** END SePrintOperatorPrivlege BLOCK **********/
-
-		DEBUGADD(10,("returned [%d]\n", ret));
-
-		if (ret != 0) 
-			return WERR_BADFID; /* What to return here? */
-
-		/* go ahead and re-read the services immediately */
-		reload_services( False );
-
-		if ( lp_servicenumber( Printer->sharename )  < 0 )
-			return WERR_ACCESS_DENIED;
-	}
-
-	return WERR_OK;
+	return delete_printer_hook( p->pipe_user.nt_user_token, Printer->sharename );
 }
 
 /****************************************************************************

